[
https://issues.apache.org/jira/browse/COMPRESS-647?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Osipov updated COMPRESS-647:
------------------------------------
Description:
The attached fuzzed zip file fails to open with the following test when the
{{allowStoredEntriesWithDataDescriptor} }value is {{true}}.
{code:java}
@ParameterizedTest
@ValueSource(booleans = {true, false})
public void zipInputStream(final boolean allowStoredEntriesWithDataDescriptor) {
try (ZipArchiveInputStream zIn = new
ZipArchiveInputStream(Files.newInputStream(Paths.get("crash-commons-compress-ZipArchiveInputStream-dataDescriptor")),
"UTF-8", false, allowStoredEntriesWithDataDescriptor)) {
ZipArchiveEntry zae = zIn.getNextZipEntry();
while (zae != null) {
zae = zIn.getNextZipEntry();
}
} catch (IOException e) {
// Ignore expected exception
}
} {code}
The exception is
{code:java}
java.lang.ArrayIndexOutOfBoundsException: arraycopy: source index -6 out of
bounds for byte[512] at java.base/java.lang.System.arraycopy(Native Method)
at
java.base/java.io.PushbackInputStream.unread(PushbackInputStream.java:232)
at
org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.pushback(ZipArchiveInputStream.java:979)
at
org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.bufferContainsSignature(ZipArchiveInputStream.java:471)
at
org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.readStoredEntry(ZipArchiveInputStream.java:1282)
at
org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.readStored(ZipArchiveInputStream.java:1211)
at
org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.read(ZipArchiveInputStream.java:1013)
at
org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.skip(ZipArchiveInputStream.java:1343)
at
org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.closeEntry(ZipArchiveInputStream.java:562)
at
org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.getNextZipEntry(ZipArchiveInputStream.java:735)
at
org.apache.commons.compress.archivers.zip.ZipArchiveInputStreamTest.zipInputStream(ZipArchiveInputStreamTest.java:765)
{code}
I also tried to open the file with the ZipFile class and the crash does not
occure there. Seems to only affect the stream implementation with that specific
option.
was:
The attached fuzzed zip file fails to open with the following test when the
{{allowStoredEntriesWithDataDescriptor }}value is {{{}true{}}}.
{code:java}
@ParameterizedTest
@ValueSource(booleans = {true, false})
public void zipInputStream(final boolean allowStoredEntriesWithDataDescriptor) {
try (ZipArchiveInputStream zIn = new
ZipArchiveInputStream(Files.newInputStream(Paths.get("crash-commons-compress-ZipArchiveInputStream-dataDescriptor")),
"UTF-8", false, allowStoredEntriesWithDataDescriptor)) {
ZipArchiveEntry zae = zIn.getNextZipEntry();
while (zae != null) {
zae = zIn.getNextZipEntry();
}
} catch (IOException e) {
// Ignore expected exception
}
} {code}
The exception is
{code:java}
java.lang.ArrayIndexOutOfBoundsException: arraycopy: source index -6 out of
bounds for byte[512] at java.base/java.lang.System.arraycopy(Native Method)
at
java.base/java.io.PushbackInputStream.unread(PushbackInputStream.java:232)
at
org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.pushback(ZipArchiveInputStream.java:979)
at
org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.bufferContainsSignature(ZipArchiveInputStream.java:471)
at
org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.readStoredEntry(ZipArchiveInputStream.java:1282)
at
org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.readStored(ZipArchiveInputStream.java:1211)
at
org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.read(ZipArchiveInputStream.java:1013)
at
org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.skip(ZipArchiveInputStream.java:1343)
at
org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.closeEntry(ZipArchiveInputStream.java:562)
at
org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.getNextZipEntry(ZipArchiveInputStream.java:735)
at
org.apache.commons.compress.archivers.zip.ZipArchiveInputStreamTest.zipInputStream(ZipArchiveInputStreamTest.java:765)
{code}
I also tried to open the file with the ZipFile class and the crash does not
occure there. Seems to only affect the stream implementation with that specific
option.
> ArrayIndexOutOfBoundsException when reading Zip with data descriptor entries
> ----------------------------------------------------------------------------
>
> Key: COMPRESS-647
> URL: https://issues.apache.org/jira/browse/COMPRESS-647
> Project: Commons Compress
> Issue Type: Bug
> Affects Versions: 1.23.0
> Reporter: Robin Schimpf
> Priority: Major
> Attachments:
> crash-commons-compress-ZipArchiveInputStream-dataDescriptor
>
>
> The attached fuzzed zip file fails to open with the following test when the
> {{allowStoredEntriesWithDataDescriptor} }value is {{true}}.
> {code:java}
> @ParameterizedTest
> @ValueSource(booleans = {true, false})
> public void zipInputStream(final boolean
> allowStoredEntriesWithDataDescriptor) {
> try (ZipArchiveInputStream zIn = new
> ZipArchiveInputStream(Files.newInputStream(Paths.get("crash-commons-compress-ZipArchiveInputStream-dataDescriptor")),
> "UTF-8", false, allowStoredEntriesWithDataDescriptor)) {
> ZipArchiveEntry zae = zIn.getNextZipEntry();
> while (zae != null) {
> zae = zIn.getNextZipEntry();
> }
> } catch (IOException e) {
> // Ignore expected exception
> }
> } {code}
> The exception is
> {code:java}
> java.lang.ArrayIndexOutOfBoundsException: arraycopy: source index -6 out of
> bounds for byte[512] at java.base/java.lang.System.arraycopy(Native Method)
> at
> java.base/java.io.PushbackInputStream.unread(PushbackInputStream.java:232)
> at
> org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.pushback(ZipArchiveInputStream.java:979)
> at
> org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.bufferContainsSignature(ZipArchiveInputStream.java:471)
> at
> org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.readStoredEntry(ZipArchiveInputStream.java:1282)
> at
> org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.readStored(ZipArchiveInputStream.java:1211)
> at
> org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.read(ZipArchiveInputStream.java:1013)
> at
> org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.skip(ZipArchiveInputStream.java:1343)
> at
> org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.closeEntry(ZipArchiveInputStream.java:562)
> at
> org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.getNextZipEntry(ZipArchiveInputStream.java:735)
> at
> org.apache.commons.compress.archivers.zip.ZipArchiveInputStreamTest.zipInputStream(ZipArchiveInputStreamTest.java:765)
> {code}
> I also tried to open the file with the ZipFile class and the crash does not
> occure there. Seems to only affect the stream implementation with that
> specific option.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
